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dments to the Claims 



listing of claims replaces all prior versions and listing of claims in this application. 



Listing of the Claims 

Claim 1. (Currently Amended) A method for transferring a first root key between a key 
provider system and a second other system via an information network comprising the steps of: 

a) encrypting the first root key using a first super- root key of the key provider system; 

b) providing within the second other system a first secure module having a second super- 
root key within a read-only memory circuit thereof and provided with the first secure module, the 
second super-root key accessible only by program code being executed on a processor internal to 
the first secure module, and wherein the second super-root key is other than modifiable and other 
than accessible outside of the module , and wherein the second super-root key is a private key ; 

bl) automatically generating by the first secure module a root key request in dependence 
on a root key status; 

c) transferring the encrypted first root key from the key provider system to the second 
other system via the information network in response to the root key request ; 

d) providing the encrypted first root key to the processor internal to the first secure 
module of the second other system; and, 

e) executing program code on the processor internal to the first secure module to decrypt 
the encrypted first root key using the second super-root key stored within the read-only memory 
circuit of the first secure module and to store the decrypted first root key internally within a 
secure key memory location of the first secure module , wh e r e in th e first root k e y i s u se abl e for at 
l e ast on e of e ncrypting or d e crypting privat e k e ys, and wh e r e in a bit l e ngth of th e first sup e r root 
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k e y is gr e at e r than a bit length of th e first root k e y, and said bit l e ngth of th e first root k e y is 
gr e ater than a bit length of any of said privat e k e ys b e ing e ncrypt e d or d e crypt e d . 

Claim 2. (Previously Presented) The method according to claim 1 wherein the processor 
internal to the module accesses the second super-root key only for decrypting encrypted root 
keys, wherein the decrypted root keys are then stored within the module inaccessible outside the 
secure module. 

Claim 3. (Original) The method according to claim 2 wherein the step (a) is performed in 
a corresponding secure module. 

Claim 4. (Currently Amended) The method according to claim 3 wherein the processor 
internal to the first secure module accesses the second super-root key only in response to a 
request from [[a]] the corresponding secure module. 

Claim 5. (Previously Presented) The method according to claim 4 wherein the second 
super-root key and the first super-root key are the private and public portions of an asymmetric 
private/public-key pair, respectively. 

Claim 6. (Previously Presented) The method according to claim 4 wherein the second 
super-root key and the first super-root key are a same private key for use with a symmetric key- 
based encryption algorithm. 
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Claim 7. (Previously Presented) The method according to claim 6 comprising the 
additional step prior to step a) of: al) generating a first root key within a key-generating 
processor internal to the key provider system. 

Claim 8. (Original) The method according to claim 7 wherein the key-generating 
processor is embodied on the corresponding secure module. 

Claim 9. (Cancelled) 

Claim 10. (Currently Amended) A method for transferring a first super- root key between 
a key provider system and a second other system via an information network comprising the 
steps of: 

a) encrypting the first super root key using a first second super-root key of the key 
provider system; 

b) providing within the second other system a first secure module having s e cond and 
third and fourth super-root keys within a memory circuit thereof, the s e cond and third and fourth 
super-root keys accessible only by program code being executed on a processor internal to the 
first secure module for decrypting encrypted root keys and encrypted super-root keys and for 
storing the decrypted feet keys within a memory circuit of the first secure module, and wherein 
the s e cond and third and fourth super-root keys are other than accessible outside of the module^ 
and wherein the third and fourth super-root keys are private keys ; 

bP automatically generating by the first secure module a super-root key request in 
dependence on a super-root key status; 
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c) transferring the encrypted first super- root key from the key provider system to the 
second other system via the information network in response to the super-root key request ; 

d) providing the encrypted S*st fourth super- root key to the processor internal to the first 
secure module of the second other system; and, 

e) executing program code on the processor internal to the first secure module to decrypt 
the encrypted first super- root key using the s e cond third super-root key stored within the memory 
circuit of the first secure module and to store the decrypted first super- root key internally within 
a secure key memory location of the first secure module , wh e r e in th e first root k e y is us e abl e for 
at l e ast on e of e ncrypting or d e crypting privat e k e ys, and wh e r e in a bit l e ngth of th e second 
sup e r root k e y is gr e at e r than a bit l e ngth of th e first root k e y, and said bit l e ngth of th e fir s t root 
k e y is gr e at e r than a bit l e ngth of any of s aid privat e k e y s b e ing e ncrypt e d or decrypt e d . 

Claim 1 1 . (Currently Amended) A method for transferring a first super- root key between 
a key provider system and a second other system via an information network according to claim 
1 0 further comprising the steps of: 

f) e ncrypting a fourth sup e r root k e y using on e of th e third sup e r root k e y and a k e y 
corr e sponding to th e third s up e r root k e y; 

g) transf e rring the e ncrypt e d fourth sup e r root key from th e k e y provid e r syst e m to the 
s e cond oth e r syst e m via th e information n e twork; 

h) providing th e e ncrypt e d fourth s up e r - root k e y to th e processor int e rnal to the first 
se cur e modul e of th e s e cond oth e r syst e m; and, 

i) executing program code on the processor internal to the first secure module to d e crypt 
th e e ncrypt e d fourth sup e r - root k e y using th e third sup e r root k e y stor e d within th e m e mory 
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circuit of th e first s e cure modul e and to store the decrypted fourth first super-root key within the 
memory circuit of the first secure module at a location corresponding approximately to the 
location where the s e cond fourth super-root key was stored. 

Claim 12. (Currently Amended) The method according to claim 1 1 wherein one of the 
s e cond and third and fourth super-root keys are only replaceable through use of anoth e r the other 
of the s e cond and third and fourth super-root keys. 

Claim 13. (Cancelled) 

Claim 14. (Previously Presented) The method according to claim 1 1 wherein the step of 
storing the decrypted fourth first super-root key comprises the steps of: 

11) erasing the s e cond fourth super-root key from a first storage area of the memory 
circuit; and, 

12) storing the decrypted fourth first super-root key within approximately the same first 
storage area of the same memory circuit. 

Claim 15. (Currently Amended) A secure module for use in a system for transferring a 
secure root key between a key provider system and a second other system via an information 
network that is other than secure , the comprising a secure module in operative communication 
with the second other system, the secure module including: 

an encryption processor; 
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an input port for receiving encrypted electronic data from outside the module and for 
providing the encrypted electronic data to the encryption processor; 

a memory circuit in operative communication with the encryption processor for storing at 
least a first super-root key; 

memory storage having program code stored therein and executable on the encryption 
processor for, upon receipt of an encrypted secure root key, decrypting the encrypted secure root 
key using the at least a first super-root key and for storing the decrypted secure root key within 
the memory circuit, the at least a first super-root key being other than accessible by any code 
other than the program code and being other than modifiable thereby, wherein the at least a first 
super-root key is a private key s e cur e root k e y i s us e abl e for at least on e of e ncrypting or 
d e crypting privat e k e ys, and wh e r e in a bit l e ngth of th e first sup e r root k e y i s gr e ater than a bit 
l e ngth of th e s e cur e root k e y, and said bit l e ngth of th e s e cur e root k e y is great e r than a bit l e ngth 
of any of said privat e k e ys b e ing e ncrypt e d or d e crypt e d ; and 

a root key request generator for generating a root key request in dependence on a root key 

status . 

Claim 16. (Currently Amended) The syst e m secure module according to claim 15 
wherein the code executable on the encryption processor accesses the at least a first super-root 
key only in response to a request from a corresponding secure module. 

Claim 17. (Currently Amended) The syst e m secure module according to claim 16 
wherein the code executable on the encryption processor is only for performing encryption 
functions the results of which are inaccessible outside of the module. 
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Claim 18. (Currently Amended) The syst e m secure module according to claim 17 
wherein the memory circuit for storing the at least a first super-root key is a read-only memory 
circuit. 

Claim 19. (Currently Amended) The system secure module according to claim 18 
wherein the module is FIPS 140 compliant. 

Claim 20. (Currently Amended) The system secure module according to claim 1 9 
wherein the module includes a tamper detection circuit for erasing the at least a first super-root 
key in dependence upon a detected attempt to access the electronic contents of the module in an 
unauthorized fashion. 

Claim 21. (Currently Amended) A secure module for use in a system for transferring a 
secure super- root key between a key provider system and a second other system via an 
information network that is other than secure , the comprising a secure module in operative 
communication with the second other system, the secure module including: 

an encryption processor; 

an input port for receiving encrypted electronic data from outside the module and for 
providing the encrypted electronic data to the encryption processor; 

a memory circuit in operative communication with the encryption processor for storing a 
first super-root key within a first memory location thereof and for storing a second super-root 
key within a second other memory location thereof; 
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memory storage having program code stored therein and executable on the encryption 
processor for, upon receipt of an encrypted third super-root key from th e s e cond oth e r syst e m , 
decrypting the encrypted third super-root key using one of the first and second super-root keys 
and for storing the decrypted third super-root key at a memory location corresponding to the 
other one of the first and second super-root keys, the first , second, and third and second super- 
root keys when stored in the memory circuit being accessible only by the program code and 
being modifiable only by the program code for all modifications excluding erasure, wherein the 
first, second, and third super-root keys are private keys third super root k e y is us e abl e for 
d e crypting th e s e cur e root key and th e secur e root k e y i s us e able for at l e ast on e of e ncrypting or 
d e crypting privat e k e ys, and wh e r e in a bit l e ngth of th e third s uper root k e y i s gr e ater than a bit 
l e ngth of th e s e cur e root k e y, and said bit l e ngth of the s e cur e root k e y is gr e at e r than a bit l e ngth 
of any of said private keys being encrypt e d or d e crypt e d ; and 

a super-root key request generator for generating a super-root key request in dependence 
on a super-root key status . 

Claim 22. (Currently Amended) The syst e m secure module according to claim 21 
wherein the code executable on the encryption processor accesses the first and s e cond super-root 
keys stored in the memory circuit only in response to a request from a corresponding secure 
module. 

Claim 23. (Currently Amended) The syst e m secure module according to claim 22 
wherein the code executable on the encryption processor is eaiy for performing encryption 
functions the results of which are inaccessible outside of the module. 
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Claim 24. (Currently Amended) The syst e m secure module according to claim 23 
wherein the memory circuit for storing the first and s e cond super-root keys is a non-volatile 
reprogrammable memory circuit. 

Claim 25. (Currently Amended) The syst e m secure module according to claim 23 
wherein the memory circuit for storing the first and s e cond super-root keys is one of an 
electrically erasable programmable read-only memory (EEPROM) circuit and a random access 
memory (RAM) circuit having an on-board power supply in the form of a battery. 

Claim 26. (Currently Amended) The syst e m secure module according to claim 25 
wherein the module is FPS140 compliant. 

Claim 27. (Currently Amended) The s yst e m secure module according to claim 26 
wherein the module includes a tamper detection circuit for erasing every cryptographic key 
stored within the memory circuit in dependence upon a detected attempt to access the electronic 
contents of the module in an unauthorized fashion. 

Claims 28-31. (Canceled) 

Claim 32. (New) The method of claim 1 wherein the first root key is for at least one of 
encrypting and decrypting key pairs that are used for encrypting and decrypting messages 
between the second other system and one or more client stations. 
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33. (New) The method of claim 10 wherein the first, third, and fourth super-root keys are 
only for decrypting at least one of encrypted private root keys and encrypted private super-root 
keys generated by the key provider system. 
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